I’ve seen this topic before when reviewing the 70-410 exam books, though for that exam very little is mentioned or indeed required. So until now I’ve given it scant notice. However, having read more about it I can see it will continue to have a growing use in the years ahead, as my requirement to provision multiple standardised servers grows. DSC really looks like it can replace the need for storage-heavy VM templates and multiple GPOs and can quickly deploy standardised servers and maintain the initial settings in the event they are changed by well-meaning, but meddling System Administrators.

As I have only just dipped my toe into the DSC ocean, this post is really as much for my benefit as anyone eases (though I’m always glad to see you of course). It’s just a basic step-through to create a MOF file and apply that to the target. I don’t mention any of the underlying concepts and terminology because there’s a plethora of information out there on Technet and beyond.

Task: I need to ensure a new directory is created on my domain controller (CIV-DC1)

Create the Configuration file:

Configuration AccountingDir {

Import-DscResource –ModuleName ‘PSDesiredStateConfiguration’

Node CIV-DC1 {#create a new directory in the C drive called accounting

#run this to create the MOF file#the name of the configuration fileAccountingDir -OutputPath c:\temp

#run this to apply the MOF file to the targetStart-DscConfiguration -path C:\temp -Wait -Verbose -Force

NB: The image below will be used during the next section, I used the PowerShell ISE:

NB: Please note line 3, when I did not have this I got the following error:

Step 1: Load the Configuration Function Into Memory

Select the Configuration text and run this in ISE

Step 2: Generate the MOF file

Highlight the command (the name of the Configuration and specify a location where therMOF file will be stored) and run this in ISE, you should get the following output:

Step 3: Apply the MOF settings to the target

Highlight the Start-DscConfiguration line, which includes the location of the MOF file (you don’t stipulate the actual MOF file) and run in ISE. The target for the MOF file is stipulated in the first lines of the MOF file so PowerShell and LCM know what the target is. If it is successfully applied you will see the following:

Visually checking on CIV-DC1 shows the new directory:

You can also run a test to confirm if the settings in the MOF file are still active/applied on the target using the Test-DscConfiguration command:

After these two updates were installed and the computer rebooted I could not get my computer to connect to my wifi, it kept failing with the error “The security key is incorrect”.

I knew the key was correct because I was able to access my router from another laptop and confirm the password I was entering was correct. I even tried using the WPS auto-configuration but that didn’t work either.

The Solution

I decided to uninstall both those updates as that was the only change my , starting with KB4053579. After uninstalling this one, and without a reboot, I tried connecting to my wifi, this time it worked without any issue. I didn’t uninstall KB4049411.

I don’t usually like uninstalling updates given they’re meant to secure my device or make it more stable, nor would I normally advocate anyone else doing the same but I really didn’t have a choice here. Please consider the security implications before doing so yourself. I will attempt to reinstall it in a few days once I get my work finished and will post an update here afterwards to let you know the outcome.

In this example I want to check if a list of users samAccountNames returns a list of matching displaynames. In the event that the user is not found I don’t want a system error displayed, I want a custom error message. This is done using a Try & Catch statement, the Try element being the test and the Catch element what I want the custom error to be.

I have VMs configured to use either an Internal virtual switch or a Private virtual switch

The Problem

As neither an Internal or Private virtual switch are bound to a physical NIC they have no way of getting internet connectivity. This for me is a real problem as I want to connect to the internet to download updates and other files from these VMs.

You have already created a standard Private and/or Internal virtual switch

You have a physical NIC on the Hyper-V host that is already connected to a network that has Internet access.

Step 1: Open the services on the Hyper-V host and select the “Routing and Remote Access” service, enable it and set it to automatically run.

Check also that the “Internet Connection Sharing (ICS)” is set to automatic and is started.

Step 2: Open the Network and Sharing Center (NCS) and open the properties of the physical NIC on the Hyper-V host that is connected a network that has Internet connectivity. Select the Share tab and enable the “Allow other network users to connect through this computer’s Internet connection” option.

In the drop down menu select the virtual switch Private/Internal NIC which will use this ICS connection. In the NCS a new icon will appear called “Incoming Connections“.

Step 3: Staying in the Network and Sharing Center open the properties of the virtual switch Private/Internal NIC and ensure it has a static IP address. In my tests it was automatically assigned 192.168.137.1/24, but you can assign any address as you require – make a note of this as it is needed in Step 4.

Step 4: For the VMs to use this ICS, login to them and open their Network and Sharing Center and configure the NIC to have a static IP address in the same subnet. In my example I gave my VM the address 192.168.137.10/24. Finally set the default gateway for the VM to be the IP address of the address of the virtual switch Private/Internal NIC, in my case 192.168.137.1.

In my example I also added the google DNS server 8.8.8.8 to the DNS settings in the VM, but configure this as fits your requirements.

Step 5: Test you have Internet connectivity. In my example no further configuration was required, I had Internet access immediately

Important: As this client has got direct Internet access it is advisable to install an anti-virus solution and ensure it is fully patched.

I have a Windows 10 (v1607) Pro instance with AVG Internet Security 17.5 installed, including the AVG Firewall component.

I have the Hyper-V feature enabled and an Internal Hyper-V vSwitch named “hv-int” which all my VMs use. This vSwitch uses the APIPA 169.254.0.0/16 range.

The Problem

I cannot locally connect to any of my VMs via the Connect option in Hyper-V Manager, the connection just times out after several attempts. When I disable the AVG Firewall it works fine, but I don’t want to permanently disable my Firewall for obvious reasons.

The Solution

By default all local network connections, including Hyper-V vSwitches are classified as Public. By changing this to the more trusted Private option the local connections are permitted:

Step 4: Click the left-menu Components option and in the main pane scroll down to the Firewall option. Click Customize.

Step 5: Click the left-menu Network profiles option and in the main pane locate your Hyper-V vSwitch. Change the Profile type from Public to Private. Click OK to confirm the changes and exit out of the AVG console.

Now try launching a local connection to the VM via the Hyper-V Manager, in my case it now worked.